Authmanager Strange Bug Never Encountered It Before

Hi,

I have created many apps using Yii's Authorisation methods etc. and all have worked fine, only this time I have encountered a problem I have had before. The nature of the problem indicates I must have done something wrong somewhere but I do not know where.

Here is the code …




    array("allow",
        "controllers" => array("casecollection"),
        "actions" => array("update"),
        "roles" => array("casecollection-update")
    ),

    array("allow",
        "controllers" => array("casecollection"),
        "actions" => array("delete"),
        "users" => array("*")
    ),

    // casenote
    array("allow",
        "controllers" => array("casenote"),
        "actions" => array("create"),
        "roles" => array("casenote-create")
    ),

    array("allow",
        "controllers" => array("casenote"),
        "actions" => array("update"),
        "roles" => array("casenote-update")
    ),

    array("allow",
        "controllers" => array("casenote"),
        "actions" => array("delete"),
        "roles" => array("casenote-delete")
    ),



See the case-note delete method, that is only working if casecollection-delete is true. Also the casenote-update only works if the casecollection-update method is true. The same also applies at the database level: if I put return 1; in the casecollection-update part, the casenote-update will then work. If I put return 0; in the casecollection-update part, then it will not work. All it shows is a white screen as well when not working, not any authorisation error message.

So what I am saying is that the "delete" and "update" methods only work if the previous "delete" and "update" method works, even though it is a completely separate controller in the code.

Anyone ever encountered this problem? Anyone know how to fix?

Ahh I see what the problem is now. Errors in bizrule code.

Sorry guys, after some testing it turns out that this is still actually the problem.

It is executing bizrules for actions that have nothing to do with the current controller but the controller actions before it. Just like I say in my original post.

Does Yii execute all bizrules whenever a request is made, and then it decides whether the bizrule is applicable?

The reason I am asking is because I have this code in my casecollection-update bizrule …




    return (CaseCollection::model()
        ->findByPK(Yii::app()->request->getParam("id"))
        ->belongsToClient(Yii::app()->user->client_id, "fk_id_with_client_id_field")
        ->account->id == Yii::app()->user->account_id);



This works fine so long as the record for Yii::app()->request->getParam("id") exists.

The trouble is that when going to casenote-update, which is not the same as casecollection-update, it is still executing the code above ("casecollection-update") and the Yii::app()->request->getParam("id") is not correct, thus resulting in an error.

Hi,

It's OK, my scope method "belongsToClient" needed to come before the findByPK method.

Everything is working now.
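
The bizrule quoted in the thread chains `->account->id` directly onto the lookup, so it raises an error instead of denying access whenever no record matches the `id` parameter. The following is an added example, not code from the thread or from Yii: a fail-closed version of the same ownership check in plain PHP, where `findScoped()`, `canUpdateCaseCollection()` and the sample rows are hypothetical stand-ins for the scoped `findByPk()` lookup and the session user.

```php
<?php
// Constructed stand-ins for the thread's records: id => owning account and client.
$caseCollections = [
    10 => ['account_id' => 1, 'client_id' => 7],
    11 => ['account_id' => 2, 'client_id' => 9],
];

// Hypothetical lookup playing the role of
// CaseCollection::model()->belongsToClient(...)->findByPk($id): scope first, then key.
function findScoped(array $rows, $id, int $clientId): ?array
{
    if (!is_scalar($id) || !ctype_digit((string) $id)) {
        return null;                       // missing or malformed id
    }
    $row = $rows[(int) $id] ?? null;
    // A row outside the caller's client scope is treated exactly like "not found".
    return ($row !== null && $row['client_id'] === $clientId) ? $row : null;
}

// Fail-closed bizrule: any lookup miss is a plain "false", never a fatal error.
function canUpdateCaseCollection(array $rows, $id, array $user): bool
{
    $row = findScoped($rows, $id, $user['client_id']);
    return $row !== null && $row['account_id'] === $user['account_id'];
}

$user = ['account_id' => 1, 'client_id' => 7];   // constructed session user

var_dump(canUpdateCaseCollection($caseCollections, '10', $user));  // own record
var_dump(canUpdateCaseCollection($caseCollections, '11', $user));  // another client's record
var_dump(canUpdateCaseCollection($caseCollections, '999', $user)); // id that is not a case collection
var_dump(canUpdateCaseCollection($caseCollections, null, $user));  // request without an id
```

Written this way, the rule denies cleanly when it is evaluated with an `id` that belongs to a different model, which is the situation the thread describes for casenote requests.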